WIRED - Jan 23 - Tinder's mobile apps still lack the standard encryption necessary to keep photos, swipes, and matches hidden from snoops, according to researchers at Tel Aviv-based app security firm Checkmarx. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. Checkmarx says it notified Tinder about its findings in November, but the company has yet to fix the problems. To fix it, Checkmarx says Tinder should not only encrypt photos, but also "pad" the other commands in its app, adding noise so that each command appears as the same size or so that they're indecipherable amid a random stream of data.